Hi Winfried,
On 17 May 2018 at 00:34, Winfried Tilanus winfried@tilanus.com wrote:
Maybe it is better to elaborate what issues you do see.
To be honest, I don't think the GDPR is such a burden, certainly not for OS projects.
I disagree.
You're right below, that the GDPR encodes good principles, and those who have been conscientiously following best practice for privacy will not have an issue.
However, it's well documented on this list what the issues are. Many of the tools used in open-source development have distributed PII far and wide, and do not have good mechanisms to deal with it. Scrubbing Bugzilla is difficult. Mailman requires a massive amount of text parsing, as it distributes PII through the headers as well as mail bodies: stripping information from there involves scraping through files in three formats, decoding MIME, and even then basic tools like grep are insufficient, because the PII might be split across line breaks with quote marks in between.
No-one has yet come up with a solution for GIt, which is fundamentally intractable.
Many of these platforms (including mine - freedesktop.org) have historically been understaffed on the admin and tooling side.
So yes, if we had all been doing a much better job then there would be no problem. But that's plainly not the case today; if there was no problem, then there would be no need for this list.
Sweeping 'there is no burden' statements do not help those of us tasked with the burden of picking up the pieces (many of us doing so in our own spare time). I joined the list in the hope of practical advice and solutions to the very real problems myself and others face; if it's just to be lectured at by people in a far less bad position, then the list is of no value to me.
Cheers, Daniel